Securely working from home – with 2FA
22.04.2020 – Airlock Reference Frankfurter Bankgesellschaft (Schweiz) AG
For a long time, working from home seemed to be just a nice little extra for employees. Until March 2020. When lockdown was implemented, remote working became vital to the survival of many companies. Two aspects were of central importance for Frankfurter Bankgesellschaft: firstly, virtual collaboration had to be completely secure, and, secondly, the bank also needed to change the internal processes during a crisis that was already very consultancy-intensive.
The Frankfurter Bankgesellschaft Group, headquartered in Zurich, is the private bank of the Sparkassen-Finanzgruppe and provides exclusive services to high-net-worth clients. Due to the turbulence on the stock market caused by the coronavirus crisis, employees had to do the best they could in spring 2020 – not in the office, but rather from home.
Advising customers, making large transactions and managing assets from home is unusual for banks. And it can be quite risky for financial institutions – in terms of data protection, data security and the possibility of external attacks. This is why a consistent security architecture that guarantees completely secure identity and access management (IAM), in addition to being easy and understandable to use, is required. And Frankfurter Bankgesellschaft had a crucial competitive advantage in that respect.
Integrated security solutions: cIAM and 2FA
Frankfurter Bankgesellschaft has been relying on the Airlock Secure Access Hub for some time now. What makes this integrated complete solution so advantageous is the fact that, thanks to a powerful cIAM system, all user and access privileges are managed centrally and upstream. So data security was guaranteed. But what was not yet guaranteed was an outstanding user experience that meets the needs of around 200 bank employees and ensures a seamless flow of authentication processes with single sign-on. For Steve Erzberger, the CTO of the bank, one thing was clear: ‘The previous authentication method (using RSA tokens) no longer meets usability requirements nowadays, and the future lies in simple passwordless procedures.’ That is why Mr Erzberger got in touch with Ergon – in mid-January 2020, weeks before Covid-19 was even on the public radar.
The requirements profile for the new access control system was quickly sketched out. What the bank was looking for was a futureproof two-factor authentication (2FA) system, where an additional factor is used as well as the first factor (‘knowledge’, such as a password that only the user knows). The second factor can be ‘having’ (e.g. a mobile phone in the possession of the user) or, more conveniently, be based on ‘being’ (such as biometric properties such as veins on the palm of your hand or facial recognition). Frankfurter Bankgesellschaft has also opted for this one-touch solution. This facilitated passwordless authentication, which is extremely easy for employees to use and very efficient for the IT Department. Not only does this allow employees who no longer need a password and are authenticated by means of single sign-on to concentrate on their tasks better; it also significantly reduces the burden on IT support.
“A simple, innovative and secure login process is now a key success factor – particularly in view of the stringent security needs of the clientele of a private bank.”
Co-innovation – iterative processes for better results
However, defining requirements is one thing; implementing them is another matter entirely. And the implementation phase from the beginning of February was where the strength of iterative processes became apparent. The subsequent collaborative relationship can genuinely be described as co-innovation. One reason for this dynamic approach was certainly the cultural fit of the partners involved and the high level of commitment demonstrated by the participating teams. The other reason was the fact that the coronavirus crisis was increasingly looming on the horizon and was becoming a greater threat.
Simple login processes – a success factor for companies
Airlock 2FA was implemented and tested in the Secure Access Hub shortly before lockdown and has proven its worth ever since. The benefits of the Swiss IT security solution go far beyond the crisis situation, as Steve Erzberger highlighted. ‘We now have a virtual desktop infrastructure that our employees can use to access their workstations from absolutely anywhere – from home, while on the move, or in meetings. It works through your internet browser. But what is even more important for us is that, with the 2FA solution from Airlock, it works in a totally secure and traceable way in line with the stringent compliance requirements of the sector.’ He continued: ‘A simple, innovative and secure login process is now a key success factor – particularly in view of the stringent security needs of the clientele of a private bank.’
To sum up the situation, a convincing solution was developed in a short space of time, thanks to 2FA and agile collaboration. No-one could have guessed that the fast time-to-market would be so tremendously important – but they were still able to reap the benefits when it mattered. However, the implementation of new login processes may well meet with resistance from users, as Steve Erzberger explained: ‘No project has received so much praise in such a short space of time as the switch to two-factor authentication.’
The Airlock Secure Access Hub protects the entire virtual desktop environment, Webex, Office 365, e-services and Filebox. The goal of being able to map all the potential use cases for employees, partners and customers with one solution has been achieved.
About Airlock
The Airlock Secure Access Hub combines the important IT security issues of filtering and authentication into a well-coordinated overall solution that sets standards in terms of usability and services. The Secure Access Hub covers all important functions of modern IT security in this field: from a web application firewall (WAF) awarded by journalists, to a customer identity and access management system (cIAM) trusted by Swiss banks, to API security that meets the latest requirements. The Airlock IT security solution protects more than 20 million active digital identities and 30,000 back-ends from over 550 customers around the world.
For more information, visit www.airlock.com